Security Concerns #22

Open
bleonar5 opened this issue Dec 11, 2023 · 0 comments
Labels
Scoping Discussion regarding the scope, design, and features of the psych-DS validator Technology Stack for issues that touch of the frameworks/languages/integrations used by the validator

Comments

@bleonar5
Contributor

  • The app should encrypt all traffic to the app with HTTPS.
  • The app should encode all rendered output to prevent XSS vulnerabilities. As far as I understand, using JSX should be able to cover this requirement.
  • Make sure all JSONs are rendered as strings.
  • Explicitly set character sets (utf-8) to prevent decoding attacks.
  • Whitelist allowed sources for script and style; only allow imports from app origin.
@bleonar5 bleonar5 added Scoping Discussion regarding the scope, design, and features of the psych-DS validator Technology Stack for issues that touch of the frameworks/languages/integrations used by the validator labels Dec 11, 2023
@bleonar5 bleonar5 self-assigned this Dec 11, 2023
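
The checklist above sketched as code, as an added example that is not part of the original issue or the psych-DS validator code base. The function names and the exact header values (the HSTS `max-age`, `nosniff`, and the extra `default-src`, `object-src` and `base-uri` directives) are assumptions chosen for illustration.

```javascript
// Added example; every function name here is hypothetical, not validator code.

// Headers for HTML responses: HTTPS-only, explicit charset, same-origin sources.
function securityHeaders() {
  return {
    // Assumed max-age of one year; browsers honour this only when sent over HTTPS.
    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
    // Explicit charset so no encoding is guessed; nosniff stops MIME-type sniffing.
    'Content-Type': 'text/html; charset=utf-8',
    'X-Content-Type-Options': 'nosniff',
    // Script and style only from the app origin; inline code is refused as a result.
    'Content-Security-Policy': [
      "default-src 'self'",
      "script-src 'self'",
      "style-src 'self'",
      "object-src 'none'",
      "base-uri 'self'",
    ].join('; '),
  };
}

// Accepts anything with setHeader(name, value), such as Node's http.ServerResponse.
function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(securityHeaders())) {
    res.setHeader(name, value);
  }
  return res;
}

// Encode text for HTML element content and quoted attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Show a JSON value as inert text: stringify first, then HTML-encode the string.
function renderJsonAsText(value) {
  return '<pre>' + escapeHtml(JSON.stringify(value, null, 2)) + '</pre>';
}

// Embed JSON in a <script type="application/json"> data block without letting
// "</script>" or "<!--" inside a string value terminate or confuse the element.
function jsonForScriptTag(value) {
  const map = { '<': '\\u003c', '>': '\\u003e', '&': '\\u0026' };
  return JSON.stringify(value).replace(/[<>&]/g, (ch) => map[ch]);
}
```

JSX escapes interpolated strings on its own, so `escapeHtml` matters for any markup assembled outside React, such as server-rendered error pages.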